README.textile in restful_acl-2.0.7 vs README.textile in restful_acl-2.1

- old
+ new

@@ -18,31 +18,31 @@ Add the gem to your environment.rb file as thus: <pre>config.gem "mdarby-restful_acl", :lib => 'restful_acl_controller'</pre> RESTful_ACL requires two named routes: "error" and "denied". Add the following to your routes.rb file: <pre> - map.error '/error', :controller => 'some_controller', :action => 'error_action' - map.denied '/denied', :controller => 'some_controller', :action => 'denied_action' + map.error 'error', :controller => 'some_controller', :action => 'error_action' + map.denied 'denied', :controller => 'some_controller', :action => 'denied_action' </pre> h3. How to Use h4. Controllers Add @before_filter :has_permission?@ into any controller that you'd like to restrict access to (or application_controller.rb for your entire app). h4. Models -Define a parent resource (if one exists) by using the @logical_parent@ method, and define the following five methods in the model of every resource you'd like to restrict access to. The five methods can contain anything you'd like so long as they return a boolean true or false. This allows you to define your User's roles any way you wish. +Define a parent resource (if one exists) by using the @logical_parent@ method, and define the following five methods in the model of every resource you'd like to restrict access to. The five methods can contain anything you'd like so long as they return a boolean true or false. This allows you to define your User's roles any way you wish. <pre> class Issue < ActiveRecord::Base logical_parent :some_model_name - + # This method checks permissions for the :index action def self.is_indexable_by(user, parent = nil) - + end # This method checks permissions for the :create and :new action def self.is_creatable_by(user, parent = nil) 
@@ -63,10 +63,21 @@ end end </pre> +h5. Singleton Resources + +RESTful_ACL 2.1+ supports singleton resources. Just pass @:singleton@ to the @logical_parent@ + +<pre> + class Car < ActiveRecord::Base + logical_parent :owner, :singleton + ... + end +</pre> + h4. View Helpers There are five view helpers also included in RESTful_ACL: @#indexable@, @#creatable@, @#readable@, @#updatable@, and @#deletable@. These enable you to do nifty things like: <pre> <%= link_to ‘Foo Index’, foos_path if indexable %> @@ -81,22 +92,22 @@ Let's say that you have two resources: Project and Issue. A Project has many Issues, an Issue belongs to a Project. I'd like to make sure that the current user is a member of the Project before they can create a new Issue in that Project: <pre> class Issue < ActiveRecord::Base logical_parent :project - + belongs_to :author belongs_to :project def self.is_indexable_by(user, parent = nil) user.projects.include?(parent) end - + def self.is_creatable_by(user, parent = nil) user.projects.include?(parent) end - + def is_updatable_by(user, parent = nil) user == author && parent.is_active? end def is_deletable_by(user, parent = nil) @@ -119,11 +130,11 @@ <pre> describe "Issue" do before do @project = mock_model(Project) @author = mock_model(User, :projects => [@project]) - + @issue = Issue.factory_girl(:issue, :author => @author, :project => @project) end it "should be modifiable by the author when the Project is active" do @project.stub!(:is_active? => true) 
@@ -141,22 +152,9 @@ it "should be creatable by those assigned to the Project" do Issue.is_creatable_by(@author, @project).should be_true end end </pre> - -h3. Caveats - -RESTful_ACL doesn't work with nested singleton resources. Wha? Yeah. Those are things in routes.rb like: - -<pre> - # Note the singular forms in 'user.resource :profile' - map.resources :users do |user| - user.resource :profile - end -</pre> - -In these situations I normally skip permission checking altogether as a Profile will always be mapped to the currently logged in User, regardless of the @params[:user_id]@ passed in. You don't trust those either right? Good. h3. Help Add a ticket to "RESTful_ACL's Lighthouse Account":http://mdarby.lighthouseapp.com/projects/28698-restful_acl/overview
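Review bot: In the @@ -18,31 +18,31 @@ hunk, both route paths lose their leading slash (map.error 'error', map.denied 'denied') and the surrounding prose does not say why. The README states that RESTful_ACL requires these two named routes, so add a sentence saying whether the slash-less form is needed for 2.1 or is only cosmetic. That tells readers upgrading from 2.0.7 whether they have to touch routes.rb. The other changed lines in this hunk only strip trailing whitespace.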
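Review bot: In the @@ -63,10 +63,21 @@ hunk, the new Singleton Resources paragraph ends mid-sentence ("Just pass :singleton to the logical_parent") and never says how the permission methods behave for a singleton. Finish the sentence and state what the five is_*_by methods receive as parent for a singleton resource, because the Car example elides its body with "..." and gives the reader nothing to copy. Separately, the trailing context line link_to ‘Foo Index’ uses typographic quotes, which will not work as a string literal when pasted; plain single quotes would fix that.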
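Review bot: In the Issue example of the @@ -81,22 +92,22 @@ hunk, is_updatable_by declares parent = nil and then calls parent.is_active?, so a call without a parent raises NoMethodError when user == author instead of returning false. The README requires these methods to return true or false, so guard the call, for example user == author && !parent.nil? && parent.is_active?. The lines this hunk actually changes are whitespace only.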
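Review bot: In the @@ -141,22 +152,9 @@ hunk, deleting the Caveats section removes the workaround text without telling readers who followed it what to do now. That section said the author skips permission checking altogether for nested singleton resources, so apps built against 2.0.7 may have controllers with no has_permission? filter. Add an upgrade note telling those users to restore before_filter :has_permission? on such controllers and declare logical_parent with :singleton as shown in the new Singleton Resources section. The removed text was also the only place that warned against trusting params[:user_id]; consider keeping that sentence somewhere in the README.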